From 5d99c388f612bd5a6a259dc0dc88a1841ff8fd7b Mon Sep 17 00:00:00 2001
From: Thomas LEVEIL
Date: Sun, 26 Feb 2017 15:27:21 +0100
Subject: [PATCH] Add useful debugging comments into the generated nginx config file

In the issue tracker, as many share their generated nginx config without context, it is impossible to get a glimpse of what could be wrong without starting a conversation asking the OP for more details/context. With this changes, the generated nginx config file will contain useful comments about environment variables, networks that were set at the time of generation.
---
nginx.tmpl | 51 ++++++++++++++++++++++++++++++++++++++++-----------
1 file changed, 40 insertions(+), 11 deletions(-)

diff --git a/nginx.tmpl b/nginx.tmpl
index a5b1d32..1eb12aa 100644
--- a/nginx.tmpl
+++ b/nginx.tmpl
@@ -1,19 +1,32 @@ {{ $CurrentContainer := where $ "ID" .Docker.CurrentContainerID | first }} - +# ----------------------------------------------------------------------------- +# ENABLE_IPV6: {{ $.Env.ENABLE_IPV6 }} +# DEFAULT_HOST: {{ $.Env.DEFAULT_HOST }} +# VIRTUAL_PROTO: {{ $.Env.VIRTUAL_PROTO }} +# HTTPS_METHOD: {{ $.Env.HTTPS_METHOD }} +# CERT_NAME: {{ $.Env.CERT_NAME }} +# networks: {{ json $CurrentContainer.Networks }} +# ----------------------------------------------------------------------------- {{ define "upstream" }} + # upstream(Container={{ .Container.Name }}, Address={{ json .Address }}, Network={{ .Network.Name }}) + # Using swarm: {{ if .Container.Node.ID }}yes{{else}}no{{end}} + # Port published on host: {{ if .Address.HostPort }}yes{{else}}no{{end}} {{ if .Address }} {{/* If we got the containers from swarm and this container's port is published to host, use host IP:PORT */}} {{ if and .Container.Node.ID .Address.HostPort }} - # {{ .Container.Node.Name }}/{{ .Container.Name }} - server {{ .Container.Node.Address.IP }}:{{ .Address.HostPort }}; + server {{ .Container.Node.Address.IP }}:{{ .Address.HostPort }}; # {{ .Container.Node.Name }}/{{ .Container.Name }} (swarm mode and port published on host) {{/* If there is no swarm node or the port is not published on host, use container's IP:PORT */}} {{ else if .Network }} - # {{ .Container.Name }} - server {{ .Network.IP }}:{{ .Address.Port }}; + server {{ .Network.IP }}:{{ .Address.Port }}; # {{ .Container.Name }} + {{ else }} + # unexpected case 1 + # Container: {{ json .Container }} {{ end }} {{ else if .Network }} - # {{ .Container.Name }} - server {{ .Network.IP }} down; + server {{ .Network.IP }} down; # {{ .Container.Name }} + {{ else }} + #### no .Address and no .Network provided to upstream template + # Container: {{ json .Container }} {{ end }} {{ end }} 
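Review bot: The two new fallback branches in the `upstream` template print `# Container: {{ json .Container }}`, which serializes the whole container object into the generated config. The template reads `$container.Env.VIRTUAL_HOST` from the same object elsewhere, so the dump would include the container's full environment, and any secrets set there would land in a file the commit message expects users to paste into the issue tracker. Printing only what is needed for diagnosis, e.g. `# Container: {{ .Container.Name }}`, keeps the hint without the environment dump. Separately, `# Port published on host: {{ if .Address.HostPort }}…` sits above the `{{ if .Address }}` guard, so it dereferences `.Address` in exactly the case the outer `{{ else if .Network }}` branch exists for. If the template engine rejects a field lookup on an empty value, rendering would fail and the proxy config would not be regenerated, so that line is safer moved inside the guard.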
@@ -101,26 +114,34 @@ server { {{ range $host, $containers := groupByMulti $ "Env.VIRTUAL_HOST" "," }} {{ $is_regexp := hasPrefix "~" $host }} {{ $upstream_name := when $is_regexp (sha1 $host) $host }} -# {{ $host }} +# ===================== {{ $host }} upstream {{ $upstream_name }} { {{ range $container := $containers }} + # ------------------------------------------------------ + # container: {{ $container.Name }} + # VIRTUAL_HOST: {{ $container.Env.VIRTUAL_HOST }} + # VIRTUAL_PORT: {{ $container.Env.VIRTUAL_PORT }} {{ $addrLen := len $container.Addresses }} {{ range $knownNetwork := $CurrentContainer.Networks }} {{ range $containerNetwork := $container.Networks }} {{ if eq $knownNetwork.Name $containerNetwork.Name }} - ## Can be connect with "{{ $containerNetwork.Name }}" network + # Can be connect with "{{ $containerNetwork.Name }}" network {{/* If only 1 port exposed, use that */}} {{ if eq $addrLen 1 }} + # only 1 port exposed {{ $address := index $container.Addresses 0 }} {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} {{/* If more than one port exposed, use the one matching VIRTUAL_PORT env var, falling back to standard web port 80 */}} {{ else }} + # multiple ports exposed: {{ json $container.Addresses }} {{ $port := coalesce $container.Env.VIRTUAL_PORT "80" }} {{ $address := where $container.Addresses "Port" $port | first }} {{ template "upstream" (dict "Container" $container "Address" $address "Network" $containerNetwork) }} {{ end }} + {{ else }} + # Cannot be connect with "{{ $containerNetwork.Name }}" network {{ end }} {{ end }} {{ end }} 
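Review bot: `# VIRTUAL_HOST: {{ $container.Env.VIRTUAL_HOST }}` and `# VIRTUAL_PORT: {{ $container.Env.VIRTUAL_PORT }}` write raw environment values from the proxied containers into single-line nginx comments inside the `upstream` block. A `#` comment ends at the first line break, so if such a value could ever contain one, the remainder would be parsed by nginx as directives rather than comment text. The hunk already uses `json` for `$container.Addresses`; doing the same here, `# VIRTUAL_HOST: {{ json $container.Env.VIRTUAL_HOST }}`, should keep each value on one quoted line (assuming `json` escapes control characters, as JSON encoders normally do). The new `{{ else }}` branch also emits a "Cannot be connect" line for every non-matching network pair, which may bury the useful lines on hosts with many networks.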
@@ -152,8 +173,10 @@ upstream {{ $upstream_name }} { {{ $is_https := (and (ne $https_method "nohttps") (ne $cert "") (exists (printf "/etc/nginx/certs/%s.crt" $cert)) (exists (printf "/etc/nginx/certs/%s.key" $cert))) }} {{ if $is_https }} +# start if $is_https {{ if eq $https_method "redirect" }} +# HTTPS_METHOD=redirect start server { server_name {{ $host }}; listen 80 {{ $default_server }}; @@ -163,6 +186,8 @@ server { access_log /var/log/nginx/access.log vhost; return 301 https://$host$request_uri; } + +# HTTPS_METHOD=redirect end {{ end }} server { @@ -189,7 +214,7 @@ server { {{ end }} {{ if (ne $https_method "noredirect") }} - add_header Strict-Transport-Security "max-age=31536000"; + add_header Strict-Transport-Security "max-age=31536000"; # because HTTPS_METHOD=noredirect {{ end }} {{ if (exists (printf "/etc/nginx/vhost.d/%s" $host)) }} @@ -217,11 +242,13 @@ server { } } +# end if $is_https {{ end }} {{ if or (not $is_https) (eq $https_method "noredirect") }} server { + # not https or HTTPS_METHOD=noredirect server_name {{ $host }}; listen 80 {{ $default_server }}; {{ if $enable_ipv6 }} @@ -256,6 +283,7 @@ server { {{ if (and (not $is_https) (exists "/etc/nginx/certs/default.crt") (exists "/etc/nginx/certs/default.key")) }} server { + # not https and /etc/nginx/certs/default.crt and /etc/nginx/certs/default.key exist server_name {{ $host }}; listen 443 ssl http2 {{ $default_server }}; {{ if $enable_ipv6 }} @@ -268,6 +296,7 @@ server { ssl_certificate_key /etc/nginx/certs/default.key; } {{ end }} +{{ end }} +# ===================== end {{ $host }} {{ end }} -{{ end }}
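Review bot: The comment added to the HSTS line in the `@@ -189,7 +214,7 @@` hunk says `# because HTTPS_METHOD=noredirect`, but the enclosing condition is `{{ if (ne $https_method "noredirect") }}`, so the header is emitted when HTTPS_METHOD is anything other than `noredirect`. Someone reading a pasted config would infer the opposite of the setting actually in effect, which matters because browsers cache `Strict-Transport-Security` for the stated `max-age`. Suggested wording: `add_header Strict-Transport-Security "max-age=31536000"; # because HTTPS_METHOD != noredirect`. The enclosing `server` block starts and ends outside this hunk.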